X-Git-Url: https://git.kernelconcepts.de/?p=karo-tx-uboot.git;a=blobdiff_plain;f=common%2Fenv_common.c;h=af59c72e1fd7d502f4899d99e8a1458cc7354d13;hp=c0bfc2f5db3b3efebb7c039747b54abc186c1acc;hb=ce76c172b07fd74c24722ed1fe2ef925a6e87a92;hpb=9cc18042e61275210cf888e5759347eeb2a2e297 diff --git a/common/env_common.c b/common/env_common.c index c0bfc2f5db..af59c72e1f 100644 --- a/common/env_common.c +++ b/common/env_common.c @@ -27,12 +27,10 @@ struct hsearch_data env_htab = { .change_ok = env_flags_validate, }; -static uchar __env_get_char_spec(int index) +__weak uchar env_get_char_spec(int index) { return *((uchar *)(gd->env_addr + index)); } -uchar env_get_char_spec(int) - __attribute__((weak, alias("__env_get_char_spec"))); static uchar env_get_char_init(int index) { @@ -120,7 +118,7 @@ void set_default_env(const char *s) } if (himport_r(&env_htab, (char *)default_environment, - sizeof(default_environment), '\0', flags, + sizeof(default_environment), '\0', flags, 0, 0, NULL) == 0) error("Environment import failed: errno = %d\n", errno); @@ -137,9 +135,55 @@ int set_default_vars(int nvars, char * const vars[]) */ return himport_r(&env_htab, (const char *)default_environment, sizeof(default_environment), '\0', - H_NOCLEAR | H_INTERACTIVE, nvars, vars); + H_NOCLEAR | H_INTERACTIVE, 0, nvars, vars); } +#ifdef CONFIG_ENV_AES +#include +/** + * env_aes_cbc_get_key() - Get AES-128-CBC key for the environment + * + * This function shall return 16-byte array containing AES-128 key used + * to encrypt and decrypt the environment. This function must be overriden + * by the implementer as otherwise the environment encryption will not + * work. + */ +__weak uint8_t *env_aes_cbc_get_key(void) +{ + return NULL; +} + +static int env_aes_cbc_crypt(env_t *env, const int enc) +{ + unsigned char *data = env->data; + uint8_t *key; + uint8_t key_exp[AES_EXPAND_KEY_LENGTH]; + uint32_t aes_blocks; + + key = env_aes_cbc_get_key(); + if (!key) + return -EINVAL; + + /* First we expand the key. */ + aes_expand_key(key, key_exp); + + /* Calculate the number of AES blocks to encrypt. */ + aes_blocks = ENV_SIZE / AES_KEY_LENGTH; + + if (enc) + aes_cbc_encrypt_blocks(key_exp, data, data, aes_blocks); + else + aes_cbc_decrypt_blocks(key_exp, data, data, aes_blocks); + + return 0; +} +#else +static inline int env_aes_cbc_crypt(env_t *env, const int enc) +{ + return 0; +} +#endif + /* * Check if CRC is valid and (if yes) import the environment. * Note that "buf" may or may not be aligned. @@ -147,6 +191,7 @@ int set_default_vars(int nvars, char * const vars[]) int env_import(const char *buf, int check) { env_t *ep = (env_t *)buf; + int ret; if (check) { uint32_t crc; @@ -159,7 +204,15 @@ int env_import(const char *buf, int check) } } - if (himport_r(&env_htab, (char *)ep->data, ENV_SIZE, '\0', 0, + /* Decrypt the env if desired. */ + ret = env_aes_cbc_crypt(ep, 0); + if (ret) { + error("Failed to decrypt env!\n"); + set_default_env("!import failed"); + return ret; + } + + if (himport_r(&env_htab, (char *)ep->data, ENV_SIZE, '\0', 0, 0, 0, NULL)) { gd->flags |= GD_FLG_ENV_READY; return 1; @@ -172,6 +225,30 @@ int env_import(const char *buf, int check) return 0; } +/* Emport the environment and generate CRC for it. */ +int env_export(env_t *env_out) +{ + char *res; + ssize_t len; + int ret; + + res = (char *)env_out->data; + len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL); + if (len < 0) { + error("Cannot export environment: errno = %d\n", errno); + return 1; + } + + /* Encrypt the env if desired. */ + ret = env_aes_cbc_crypt(env_out, 1); + if (ret) + return ret; + + env_out->crc = crc32(0, env_out->data, ENV_SIZE); + + return 0; +} + void env_relocate(void) { #if defined(CONFIG_NEEDS_MANUAL_RELOC)